Guard

AIVory Cursor Extension

The AIVory extension brings real-time compliance and security scanning directly into Cursor, the AI-first code editor. Get instant feedback on compliance violations as you code, with seamless integration into Cursor’s AI features.

  • Real-time scanning as you write code with inline warnings and quick fixes
  • AI code detection for Composer, Tab, and Chat-generated code
  • 18+ compliance standards including OWASP Top 10, GDPR, HIPAA, PCI-DSS
  • Zero configuration with intelligent defaults and free tier available
  • Cursor Rules integration for automated compliance workflows
Note Download from Open VSX - Install the extension directly in Cursor.

Why AIVory for Cursor?

Cursor is built for AI-powered development, and AIVory ensures every line of AI-generated code meets compliance standards.

Real-Time Scanning
Continuous compliance validation as you write code
Inline Warnings
See violations directly in your editor with quick-fix suggestions
AI Code Detection
Automatically identifies and validates AI-generated code segments
Composer Integration
Scans multi-file changes generated by Cursor Composer
Tab Integration
Validates autocomplete suggestions before insertion
Chat Integration
Works with Cursor’s AI chat for compliance-aware code generation

Installation

Step 1: Install from Cursor Marketplace

  1. Open Cursor
  2. Go to Extensions (Ctrl+Shift+X or Cmd+Shift+X)
  3. Search for “AIVory”
  4. Click Install

Step 2: Configure API Token

  1. Open Cursor Settings (Ctrl+, or Cmd+,)
  2. Search for “AIVory”
  3. Enter your API Token from app.aivory.net/tokens
Note Free Tier Available: Start with OWASP Top 10 scanning (3 scans/day, 15 files/scan) - no token required!

Step 3: Start Coding

That’s it! AIVory will now scan your code in real-time as you type.


Cursor-Specific Features

Composer Integration

AIVory integrates seamlessly with Cursor Composer, scanning multi-file code changes before they’re applied:

  1. Use Composer to generate multi-file changes
  2. AIVory scans all modified files automatically
  3. Review compliance warnings before accepting changes
  4. Fix violations with Composer’s help
  5. Re-scan to verify compliance
Note Pro Tip: Configure Composer to always scan with AIVory by adding rules to .cursorrules - see the Cursor Rules Integration section below.

Tab Autocomplete Integration

AIVory validates Cursor Tab suggestions in real-time:

  • Scans autocomplete suggestions before they appear
  • Shows compliance warnings for problematic suggestions
  • Suggests compliant alternatives
  • Works with single-line and multi-line completions

Chat Integration

Use AIVory with Cursor’s AI Chat for compliance-aware code generation:

You: Write a user authentication function with JWT

Cursor AI: [generates code]

AIVory: [scans automatically and shows inline warnings]

You: Fix the compliance violations

Cursor AI: [generates compliant version]

AIVory: All checks passed!

Command Palette Commands

Access AIVory features via Cursor’s Command Palette (Ctrl+Shift+P or Cmd+Shift+P):

Command Description
AIVory: Scan Current File Manually trigger scan
AIVory: Scan Workspace Scan all files in workspace
AIVory: View Scan Results Open violations panel
AIVory: Configure Settings Quick access to settings
AIVory: Show Documentation Open docs

Key Features

Real-Time Compliance Scanning

AIVory continuously monitors your code as you type:

Instant Feedback
See violations within seconds
Inline Warnings
Violations appear as yellow/red squiggles
Hover Details
Hover over violations for detailed explanations
Quick Fixes
Click light bulb for suggested fixes
Note AIVory auto-scans on save, paste, and AI generation events.

Multi-Language Support

AIVory supports 70+ languages including JavaScript, TypeScript, Python, Java, Kotlin, Go, PHP, C#, C++, Ruby, Rust, Swift, and many more.

AI Code Detection

AIVory automatically detects AI-generated code:

  • Identifies code from Cursor Composer
  • Tracks Tab autocomplete insertions
  • Monitors chat-generated code blocks
  • Flags AI code for extra scrutiny
  • Maintains audit trail of AI contributions

Compliance Standards

Scan against 18+ compliance standards including OWASP Top 10, GDPR, HIPAA, PCI-DSS, SOC 2, ISO 27001, NIST, CIS Controls, CCPA, and more.

Note Configure which standards to scan in Cursor Settings under the AIVory section.

Configuration

Extension Settings

Configure AIVory in Cursor Settings (Ctrl+, or Cmd+,):

Basic Settings
{
  "aivory.apiToken": "your_api_token_here",
  "aivory.autoScan": true,
  "aivory.scanOnSave": true,
  "aivory.scanOnPaste": true
}
Compliance Standards
{
  "aivory.standards": [
    "OWASP",
    "GDPR",
    "HIPAA",
    "PCI-DSS",
    "SOC2"
  ]
}
Scan Sensitivity
{
  "aivory.severity": "medium", // low, medium, high, critical
  "aivory.showInfoLevel": false,
  "aivory.showWarningLevel": true,
  "aivory.showErrorLevel": true
}
AI Code Settings
{
  "aivory.detectAICode": true,
  "aivory.requireAIScanApproval": true,
  "aivory.highlightAICode": true
}

Project-Level Configuration

Create .aivoryrc in your project root:

{
  "standards": ["OWASP", "GDPR"],
  "severity": "high",
  "excludePatterns": [
    "node_modules/**",
    "dist/**",
    "build/**",
    "*.test.js"
  ],
  "includePatterns": [
    "src/**/*.js",
    "src/**/*.ts"
  ]
}

Workspace Settings

Configure per-workspace in .vscode/settings.json:

{
  "aivory.enabled": true,
  "aivory.standards": ["OWASP", "HIPAA"],
  "aivory.severity": "high"
}

Cursor Rules Integration

Create or edit .cursorrules in your project root to enforce compliance workflows:

Complete .cursorrules Example
# AIVory Compliance Rules

## Code Generation
When writing or modifying code:
1. Write the code as requested
2. Wait for AIVory extension to scan automatically
3. Review inline compliance warnings
4. Fix all violations before proceeding
5. Re-scan to verify compliance

## Composer Workflow
When using Composer for multi-file changes:
1. Review Composer's proposed changes
2. Wait for AIVory to scan all affected files
3. Check for compliance violations in each file
4. Fix violations using Composer
5. Only accept changes when AIVory shows no violations

## Chat Workflow
When generating code via chat:
1. Generate the requested code
2. AIVory scans automatically
3. If violations found, ask AI to fix them
4. Continue until no violations remain
5. Only then mark task complete

## Never Skip
- Never ignore AIVory warnings
- Never disable AIVory for convenience
- Never commit code with unresolved violations
- Always verify fixes with re-scan
Warning Never complete a Composer session or commit code with unresolved compliance violations.

Workflow Examples

Example 1: Writing Secure Authentication
You: Create a user login endpoint with password hashing

Cursor Composer:
  - Creates login.js
  - Adds password hashing with bcrypt
  - Implements JWT tokens

AIVory scans and finds:
  Warning: Missing rate limiting (OWASP)
  Warning: No password complexity requirements (OWASP)
  Warning: JWT secret not validated (OWASP)

You: Fix these OWASP violations

Cursor Composer:
  - Adds express-rate-limit
  - Implements password policy
  - Validates JWT configuration

AIVory re-scans:
  Success: All OWASP checks passed
  Success: Code is compliant

You: Accept changes
Example 2: GDPR-Compliant Data Handler
You: Write a user data handler for storing customer information

Cursor generates code...

AIVory scans and finds:
  Warning: Missing data retention policy (GDPR)
  Warning: No consent tracking (GDPR)
  Warning: Personal data not encrypted at rest (GDPR)

You: Make this GDPR compliant

Cursor fixes violations...

AIVory re-scans:
  Success: All GDPR checks passed
Example 3: Batch Scanning Workspace
Command Palette -> AIVory: Scan Workspace

AIVory scans all files and reports:
  - 142 files scanned
  - 12 violations found
  - 3 critical, 5 high, 4 medium

Click "View Results" to see violation list
Fix violations file by file
Use "Scan Workspace" again to verify

Troubleshooting

Extension Not Scanning

Problem: AIVory doesn’t scan files automatically

Solutions:

  1. Check extension is enabled: Extensions -> AIVory -> Enabled
  2. Verify API token in settings: aivory.apiToken
  3. Check file type is supported: .js, .py, .java, etc.
  4. Restart Cursor: Close and reopen
Inline Warnings Not Showing

Problem: No squiggly lines appear for violations

Solutions:

  1. Check severity settings: aivory.severity
  2. Enable warning level: aivory.showWarningLevel: true
  3. Verify language support: Not all languages show inline warnings yet
  4. Check Problems panel: View -> Problems
Composer Not Scanning

Problem: Composer changes don’t trigger AIVory scan

Solutions:

  1. Enable auto-scan: aivory.autoScan: true
  2. Scan on save: Save files after Composer applies changes
  3. Manual scan: Use Command Palette -> AIVory: Scan Current File
  4. Check .cursorrules: Ensure rules are configured
API Token Invalid

Problem: “Invalid API token” error

Solutions:

  1. Generate new token: app.aivory.net/tokens
  2. Copy token exactly (no extra spaces)
  3. Update settings: aivory.apiToken
  4. Restart Cursor
Rate Limits (Free Tier)

Problem: “Rate limit exceeded” error

Solutions:

  1. Free tier limits: 3 scans/day, 15 files/scan
  2. Upgrade to full access: app.aivory.net/register/plans
  3. Scan selectively: Disable auto-scan, scan manually
  4. Use project config: Add excludePatterns to skip test files

Dashboard Integration

View detailed metrics at app.aivory.net:

Scan History
All scans with timestamps
Violation Trends
Track improvements over time
Team Activity
See team member contributions
Compliance Reports
Export for audits

See Dashboard Documentation for details.


Next Steps

Note Try All Platforms: Not sure if Cursor is right for you? AIVory is available for JetBrains IDEs, VS Code, Cursor, Claude Code (MCP), and more. Explore All Platform Options